trade

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires running "npx awal@latest trade", which causes npx to fetch and execute remote package code from the npm registry at runtime (npx awal@latest), so the skill depends on and executes external code fetched at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute cryptocurrency trades: it provides a dedicated "trade" command to swap tokens on the Base network via a Swap API, requires wallet authentication, accepts token addresses and amounts, supports slippage and JSON output, and references transaction-level errors (e.g., TRANSFER_FROM_FAILED). This is a specific crypto/blockchain execution capability (signing/sending on-chain swap transactions), so it grants direct financial execution authority.